Skip to content

Instantly share code, notes, and snippets.

@nathan-hyan

nathan-hyan/README.md

Created October 23, 2024 15:53
Show Gist options
  • Save nathan-hyan/25836fb98337e055bef8755a4d339a8f to your computer and use it in GitHub Desktop.
Save nathan-hyan/25836fb98337e055bef8755a4d339a8f to your computer and use it in GitHub Desktop.
Download ZIP
skip and bypass macos mdm
Raw
README.md

Before starting:

This was tested on a MacBook Pro 2019. I cannot confirm if this method works on another machines. Also, I do not take ANY responsibility if something happens to your Mac. If you do this like im telling you to, it should work as expected.

Steps:

  1. Install MacOS WITHOUT ANY CONNECTION TO THE INTERNET (If the router can be turned off, please do). You can get more information on how to do this in the Apple support page: support.apple.com/en-us/102662 I performed my tests using Monterrey, since (I think) that's the OS that it came with the machine.

  2. Once the main installation is finished and it starts asking you for configurations, you should note that It does skip the enrollment part, once you're in the desktop. You can re-activate the internet.

  3. Reboot the machine and enter recovery mode (For me, this was done pressing cmd + R until the Apple logo shows up), open the console and perform the following steps. Don't exit recovery mode until specified.

    1. Enter the command: crsutil disable. This will ask for a reboot. Go ahead but make sure to re-enter recovery mode.

    2. Once into recovery mode, open the terminal again and enter the command: cd /var/db/ConfigurationProfiles/Settings/

    3. Enter the following two commands:

      1. rm .cloudConfigHasActivationRecord
      2. rm .cloudConfigRecordFound These commands can, or cannot work. They did return an error on my machine but i've tried anyway.

    4. Create the following files with the commands:

      1. touch .cloudConfigProfileInstalled
      2. touch .cloudConfigRecordNotFound To assure that these files were created, you can use ls -a to see all the files in the folder. If they appear after the command, you're set.

    5. Run the following command: sudo launchctl disable system/com.apple.ManagedClient.enroll This may or may not return something in the console. (For me, it did not)

    6. Block the domains related to mdm enrollment. For this we're going to use Vim and open it with the command: vim /etc/hosts (Heres a great guide on how to use vim if needed: https://www.geeksforgeeks.org/entering-editing-mode-in-vim-editor/) Once vim is open, add the following to the end of the file:

0.0.0.0 iprofiles.apple.com
0.0.0.0 mdmenrollment.apple.com
0.0.0.0 deviceenrollment.apple.com
0.0.0.0 gdmf.apple.com
0.0.0.0 acmdm.apple.com
0.0.0.0 albert.apple.com
  1. Reboot system, but re-enter recovery mode for one last command on the terminal: crsutil enable Once executed, it'll ask for a reboot. Go ahead and let it reboot into normal mode without pressing any keys.
  2. Once rebooted into normal mode, login into your account. You shouldn't get the MDM pop-up anymore. Still, to be sure you can execute the following command inside a terminal. If this command returns an error, you're set. sudo profiles show -type enrollment
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment